Skip to content

Commit

Permalink
tests: consolidation, refactoring and organizing, renaming of some tests
Browse files Browse the repository at this point in the history
- added markers to pytest.ini
- added markers to tests
- consolidated two sssctl test files into one, sssctl_config_check.py and sssctl.py
- renamed test_id.py, to test_identity.py, just to match the marker groups
- renamed the test cases in test_identity.py to be more readable
- renamed test_ldap_extra_attrs.py to test_schema.py , after looking at the tests, its testing the schema attributes
- appended test_shadow.py to test_ldap.py , tests shadowlastchange = 0 in LDAP
  • Loading branch information
Dan Lavu committed Sep 15, 2023
1 parent 2cb7bc2 commit 7df777f
Show file tree
Hide file tree
Showing 9 changed files with 150 additions and 194 deletions.
6 changes: 3 additions & 3 deletions src/tests/multihost/basic/test_sssctl_config_check.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@


class TestSssctlConfigCheck(object):
@pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__typo_option_name')
@pytest.mark.converted('test_sssctl.py', 'test_sssctl__typo_option_name')
def test_verify_typo_option_name(self, multihost):
"""
:title: sssctl: Verify typos in option name (not value)
Expand Down Expand Up @@ -44,7 +44,7 @@ def test_verify_typo_option_name(self, multihost):
multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget],
raiseonerr=False)

@pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__typo_domain_name')
@pytest.mark.converted('test_sssctl.py', 'test_sssctl__typo_domain_name')
def test_verify_typo_domain_name(self, multihost):
"""
:title: sssctl: Verify typos in domain name of configuration file
Expand Down Expand Up @@ -74,7 +74,7 @@ def test_verify_typo_domain_name(self, multihost):
multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget],
raiseonerr=False)

@pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__misplaced_option')
@pytest.mark.converted('test_sssctl.py', 'test_sssctl__misplaced_option')
def test_misplaced_option(self, multihost):
"""
:title: sssctl: Verify misplace options in default configuration file
Expand Down
2 changes: 1 addition & 1 deletion src/tests/system/pytest.ini
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# For marker descriptions please look at https://tests.sssd.io/en/latest/marks.html
[pytest]
addopts = --strict-markers
testpaths = tests
Expand All @@ -12,4 +13,3 @@ markers =
tools:
ticket_tools = bz,gh,jira

# For marker descriptions please look at https://tests.sssd.io/en/latest/marks.html
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
"""
SSSD Client identification
SSSD Client identity Lookups
:requirement: IDM-SSSD-REQ: Client side performance improvements
"""
Expand All @@ -14,7 +14,7 @@

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__getpwnam(client: Client, provider: GenericProvider):
def test_identity__lookup_username_with_id(client: Client, provider: GenericProvider):
"""
:title: Resolve user by name with id
:setup:
Expand Down Expand Up @@ -47,7 +47,7 @@ def test_id__getpwnam(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__getpwuid(client: Client, provider: GenericProvider):
def test_identity__lookup_uid_with_id(client: Client, provider: GenericProvider):
"""
:title: Resolve user by uid with id
:setup:
Expand Down Expand Up @@ -80,7 +80,7 @@ def test_id__getpwuid(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__getgrnam(client: Client, provider: GenericProvider):
def test_identity__lookup_groupname_with_getent(client: Client, provider: GenericProvider):
"""
:title: Resolve group by name with getent.group
:setup:
Expand Down Expand Up @@ -113,7 +113,7 @@ def test_id__getgrnam(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__getgrgid(client: Client, provider: GenericProvider):
def test_identity__lookup_gid_with_getent(client: Client, provider: GenericProvider):
"""
:title: Resolve group with by gid with getent.group
:setup:
Expand Down Expand Up @@ -146,7 +146,7 @@ def test_id__getgrgid(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__getent_passwd(client: Client, provider: GenericProvider):
def test_identity__lookup_user_with_getent(client: Client, provider: GenericProvider):
"""
:title: Resolve user with getent.passwd
:setup:
Expand Down Expand Up @@ -188,7 +188,7 @@ def test_id__getent_passwd(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__getent_group(client: Client, provider: GenericProvider):
def test_identity__lookup_user_by_group_with_getent(client: Client, provider: GenericProvider):
"""
:title: Resolve user with getent.group
:setup:
Expand Down Expand Up @@ -228,7 +228,7 @@ def test_id__getent_group(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__membership_by_group_name(client: Client, provider: GenericProvider):
def test_identity__lookup_group_membership_by_username_with_id(client: Client, provider: GenericProvider):
"""
:title: Check membership of user by group name with id
:setup:
Expand Down Expand Up @@ -261,7 +261,7 @@ def test_id__membership_by_group_name(client: Client, provider: GenericProvider)

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__membership_by_group_id(client: Client, provider: GenericProvider):
def test_identity__lookup_group_membership_by_group_with_id(client: Client, provider: GenericProvider):
"""
:title: Check membership of user by gid with id
:setup:
Expand Down Expand Up @@ -295,7 +295,7 @@ def test_id__membership_by_group_id(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__initgroups(client: Client, provider: GenericProvider):
def test_identity__lookup_initgroups_with_getent(client: Client, provider: GenericProvider):
"""
:title: Check initgroups of user
:setup:
Expand Down Expand Up @@ -334,7 +334,7 @@ def test_id__initgroups(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__getpwnam_fully_qualified_names(client: Client, provider: GenericProvider):
def test_identity__lookup_users_with_fully_qualified_name(client: Client, provider: GenericProvider):
"""
:title: Resolve user when 'use_fully_qualified_names' is 'true'
:setup:
Expand Down Expand Up @@ -377,7 +377,7 @@ def test_id__getpwnam_fully_qualified_names(client: Client, provider: GenericPro

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__case_insensitive(client: Client, provider: GenericProvider):
def test_identity__lookup_users_when_case_insensitive(client: Client, provider: GenericProvider):
"""
:title: Search user with case insensitive name when 'case_sensitive' is 'false'
:setup:
Expand Down Expand Up @@ -422,7 +422,7 @@ def test_id__case_insensitive(client: Client, provider: GenericProvider):

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_id__fq_names_case_insensitive(client: Client, provider: GenericProvider):
def test_identity__lookup_users_fully_qualified_name_and_case_insensitive(client: Client, provider: GenericProvider):
"""
:title: Search user with fq case insensitive name when
'case_sensitive' is 'false' and 'use_fully_qualified_names' is 'true'
Expand Down
2 changes: 1 addition & 1 deletion src/tests/system/tests/test_kcm.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
import time

import pytest
from pytest_mh.ssh import SSHProcessError
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.kdc import KDC
from sssd_test_framework.topology import KnownTopology
Expand Down Expand Up @@ -413,3 +412,4 @@ def test_kcm__simple_kinit(client: Client, kdc: KDC):
with pytest.raises(SSHProcessError):
krb.kinit(username, password="wrong")
assert krb.klist().rc == 0, "Klist failed"

39 changes: 39 additions & 0 deletions src/tests/system/tests/test_ldap.py
Original file line number Diff line number Diff line change
Expand Up @@ -52,3 +52,42 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str):

assert client.auth.ssh.password(user, new_pass), "Authentication with new correct password failed"
assert not client.auth.ssh.password(user, old_pass), "Authentication with old incorrect password did not fail"


@pytest.mark.importance("high")
@pytest.mark.ldap
@pytest.mark.authentication
@pytest.mark.ticket(bz=1507035)
@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.parametrize("method", ["su", "ssh"])
def test_ldap__password_change(client: Client, ldap: LDAP, method: str):
"""
:title: Change password with shadow ldap password policy
:setup:
1. Allow user to change its own password in LDAP
2. Create LDAP user "tuser" with shadowLastChange = 0
3. Set ldap_pwd_policy to "shadow"
4. Set ldap_chpass_update_last_change to "True"
5. Start SSSD
:steps:
1. Autheticate as "tuser" with old password
2. Autheticate as "tuser" with new password
:expectedresults:
1. Password was expired and new password was expected and provided
2. Authentication with new password was successful
:customerscenario: True
"""
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')
ldap.user("tuser").add(
uid=999011, gid=999011, shadowMin=0, shadowMax=99999, shadowWarning=7, shadowLastChange=0, password="Secret123"
)

client.sssd.domain["ldap_pwd_policy"] = "shadow"
client.sssd.domain["ldap_chpass_update_last_change"] = "True"
client.sssd.start()

# Password is expired, change it
assert client.auth.parametrize(method).password_expired("tuser", "Secret123", "Redhat@321")

# Authenticate with new password
assert client.auth.parametrize(method).password("tuser", "Redhat@321")
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
"""
ldap_user_extra_attrs tests.
schema tests.
:requirement: ldap_extra_attrs
"""
Expand All @@ -17,7 +17,7 @@
@pytest.mark.ticket(gh=4153, bz=1362023)
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("attrs", ["mail, firstname:givenname, lastname:sn", "given_email:mail"])
def test_ldap_extra_attrs__filled(client: Client, provider: GenericProvider, attrs: str):
def test_schema__ldap_extra_attrs_filled(client: Client, provider: GenericProvider, attrs: str):
"""
:title: SSSD starts correctly when ldap_user_extra_attrs is filled
:setup:
Expand Down
50 changes: 0 additions & 50 deletions src/tests/system/tests/test_shadow.py

This file was deleted.

92 changes: 91 additions & 1 deletion src/tests/system/tests/test_sssctl.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,15 @@
SSSCTL tests.
:requirement: IDM-SSSD-REQ: Status utility
:requirement: IDM-SSSD-REQ: Configuration validation
"""

from __future__ import annotations

import re

import pytest
from pytest_mh.ssh import SSHProcessError
from sssd_test_framework.roles.client import Client
from sssd_test_framework.topology import KnownTopology

Expand All @@ -28,7 +32,7 @@ def test_sssctl__check_id_provider(client: Client):
2. Successfully get the error message.
:customerscenario: False
"""
# create sssd.conf and start the sssd, with deafult configuration with a LDAP server.
# create sssd.conf and start the sssd, with default configuration with a LDAP server.
client.sssd.start()

# remove id_provider parameter from domain section.
Expand Down Expand Up @@ -71,3 +75,89 @@ def test_sssctl__check_invalid_id_provider(client: Client):
"[rule/sssd_checks]: Attribute 'id_provider' in section 'domain/test' has an invalid value: invalid"
in output.stdout_lines[1]
)


@pytest.mark.importance("high")
@pytest.mark.tools
@pytest.mark.sssctl
@pytest.mark.topology(KnownTopology.Client)
def test_sssctl__check_typo_option_name(client: Client):
"""
:title: sssctl config-check detects mistyped option name
:setup:
1. Add wrong_option to domain section
2. Start SSSD, without config check
:steps:
1. Call sssctl config-check
2. Check error message
:expectedresults:
1. config-check detects an error in config
2. Error message is properly set
:customerscenario: False
"""
client.sssd.common.local()
client.sssd.dom("test")["wrong_option"] = "true"

client.sssd.start(check_config=False)

result = client.sssctl.config_check()
assert result.rc != 0, "Config-check did not detect misconfigured config"

pattern = re.compile(r"Attribute 'wrong_option' is not allowed.*")
assert pattern.search(result.stdout), "Wrong error message was returned"


@pytest.mark.importance("high")
@pytest.mark.tools
@pytest.mark.sssctl
@pytest.mark.topology(KnownTopology.Client)
def test_sssctl__check_typo_domain_name(client: Client):
"""
:title: sssctl config-check detects mistyped domain name
:setup:
1. Create mistyped domain ("domain/")
2. Start SSSD
:steps:
1. Call sssctl config-check, implicitly
2. Check error message
:expectedresults:
1. config-check detects an error in config
2. Error message is properly set
:customerscenario: False
"""
client.sssd.dom("")["debug_level"] = "9"

with pytest.raises(SSHProcessError) as ex:
client.sssd.start(raise_on_error=True, check_config=True)

assert ex.match(r"Section \[domain\/\] is not allowed. Check for typos.*"), "Wrong error message was returned"


@pytest.mark.importance("high")
@pytest.mark.tools
@pytest.mark.sssctl
@pytest.mark.topology(KnownTopology.Client)
def test_sssctl__check_misplaced_option(client: Client):
"""
:title: sssctl config-check detects misplaced option
:setup:
1. In domain set "services" to "nss, pam"
2. Start SSSD, without config check
:steps:
1. Call sssctl config-check
2. Check error message
:expectedresults:
1. config-check detects an error in config
2. Error message is properly set
:customerscenario: False
"""
client.sssd.common.local()
client.sssd.dom("test")["services"] = "nss, pam"

client.sssd.start(check_config=False)

result = client.sssctl.config_check()
assert result.rc != 0, "Config-check did not detect misconfigured config"

pattern = re.compile(r".Attribute 'services' is not allowed in section .*")
assert pattern.search(result.stdout), "Wrong error message was returned"
Loading

0 comments on commit 7df777f

Please sign in to comment.